Talk of the impact of the GDPR on the TV industry was a constant presence at the recent IBC. What have we learned about the GDPR so far and how is it changing the landscape?
We’re just over four months into the brave new era of Europe’s General Data Protection Regulations which were rolled out across the EU on May 25th. As yet is has been difficult to measure the full effects of the GDPR in the broadcast sector, especially given the complexity of the legislation and the different speeds at which it is being implemented by companies in the sector. In some ways it’s perhaps best even to think of it as a framework, one which will see the legal profession decide upon the finer details as the next few years unfold.
“The articles are open and prone to interpretation,” comments VO’s EVP Legal and Security, Christine Maury- Panis. “Within the EU interpretations will be different.”
Christine was speaking at GDPR - Obstacle or Opportunity?, one of the keynote sessions of our TV Leaders Summit held in Paris in May, one week before the GDPR itself was implemented. We’ve written about the GDPR before, and had many more conversations about it since with our customers at trade shows and events. Indeed the two presentations we gave at IBC both referenced it strongly (see Targeted Advertising in the GDPR World). And no doubt we will return to it in the future too as those European interpretations start to filter through. But a snapshot of where we are now is a useful tool.
GDPR and Media Implementation
Earlier this year, a Forgerock survey of 8000 consumers from the leading economies of US, Germany, France & UK presented some interesting findings regarding evolving attitudes to data. And this has implications for the relationship of GDPR and video.
You can read the full results here, but to summarize, as Forgerock says: “The research revealed a considerable lack of awareness about how much personal information is available online. Nearly half (47%) of consumers say they are not aware of how much data is available about them online, and many underestimate how much personal data has been shared online.
Perhaps more pertinently, 53% were also concerned about it.
What was a surprising finding was the amount of trust that consumers had in some organizations, with Amazon, for example, being trusted by 74%. This can be seen as despite the obvious amount of processing that is being done on their data, and is in stark contrast to the trust levels of social media platforms, even though these are still relatively high at 58%.
The implication here is that the transactional nature of the relationship with Amazon and the purchase of goods and services leads people into firmly defining themselves as consumers and Amazon as a retailer. This creates trust as it is a form of relationship they will build many times in their lives with other retailers. However, the relationship with social media channels provides experiences offered without payment, and, as Forgerock’s Eve Male puts it: “Our research shows that people do now understand that ‘If you’re not the customer, then you’re the product’.”
Hopefully this means that the consumer of Pay-TV or OTT services will have already established a sense of trust with the service provider due to the initial transactional nature of the relationship. However, we were moving into new territory here and there are very few certainties.
“This is a very strange landscape,” comments Christine. “But as this survey reveals there is a need for legislation and education so that people know more about their rights. You need to be more transparent. It’s very clear that trust is key and it is becoming very clear that consent is needed.”
GDPR - Making Companies Accountable
One thing that is becoming increasingly obvious is that the GDPR rollout was very much a Big Bang style event: one where the initial explosion changes everything around it instantly and then continues to reverberate for ever after. GDPR compliance is an ongoing task and not something that had to be in place for May 25, 2018 and could then be quietly forgotten about.
Given the patchiness of the response to the legislation, there is plenty of work to be done across all industries too. Recent survey data following several months of implementation suggests that as of August 2018:
- 27% of EU companies report they are GDPR complaint
- 74% expect to be compliant by end of 2018
- 93% expect to be compliant by end of 2018
Speaking at TVLS, Cédric Prevost, Marketing Director for Security & Managed Services, Orange Cloud for Business maintained that 80% of the legislation contained within the GDPR was already in existence before the regulations were drafted. And while the 20% of new legislation grants new rights to customers and means new obligations for the data controllers, companies also have requirements that have been loosened.
“It’s actually easier to work with data under the GDPR rules than it was under the 1995 data protection legislation,” he said, “but the key change is the new obligation of accountability. Up until now the regulator had to demonstrate that you had done something wrong, if there had been a leak. Now, under GDPR, all companies will have to demonstrate they will have done everything they could. That is the major change: that is the game-changer. Beforehand you had to be caught red-handed to be fined. Now if you are not able to prove you have put all the technical and organizational measures in place to protect the data of your customers, you could be in breech.”
And it’s here that we come across some of the real complexities of the legislation. For instance, the regulations contain the phrase “state-of-the-art” with regard to security requirements. However, as Duncan Brown, associate vice president, European infrastructure and security at IDC, revealed in an interview with CMO that phrase has different meanings in different languages.
“Our research found that in Denmark, for example, state of the art refers to what everyone else is using, whereas in Germany it means using the latest technology available. In the UK it means the latest reliable technology available – not mass adopted, but not bleeding edge either. It’s these nuances that are open to scrutiny.”
The Future of GDPR and the Media
This is an important issue as within the EU member nations themselves interpretations will be different. And, of course, there are more variables being delivered into the equation by the ongoing situation with the UK and its negotiations involving Brexit. With London being such a hub for the European OTT industry in particular, this delivers an unwelcome note of uncertainty into many business plans. The relationship between GDPR and Media could yet be a rocky one.
As far as the consumer is concerned, so far the broadcast industry is not in the firing line. A June survey of 1,850 people in the UK and the Republic of Ireland reported in eMarketer analyzed where the fault lines were as far as consumers were concerned, with social media very much at the forefront.
And yet, while there is no doubt that the GDPR represents a challenge for many businesses, as trust becomes an increasingly important part of any company’s relationship with the consumer it is timely legislation.
“We have been living in a digital economy for the last five years or so now and this is accelerating, said Cédric Prevost. “GDPR legislation will make this digital economy much safer for the EU citizens. It’s a great opportunity. Yes, it is a bet: these regulations will make it more difficult for EU companies to compete in the worldwide market. But in the midterm we can all imagine this could be a great asset.
“Virtuousness will be recognized,” he concluded. “Millennials are extremely interested in the value they get from the data they are sharing and the GDPR is making this transaction more transparent.”
It is, of course, still very early days in the new relationship between GDPR and Media and we are yet to see significant changes in consumer behavior in the broadcast industry as a result of its implementation. However, that time will undoubtedly come, especially as the value of their data becomes clear to the consumer. And, in a competitive market with high rates of churn and increasing amounts of consumer choice, the broadcasters and operators that have put consumer privacy at the forefront of their planning will likely be the ones that benefit the most.